
July Malware Roundup

  • Posted on:August 10, 2007 at 2:27 am
  • Posted in:Bad Sites
  • Author:
    Jasper Pimentel (Advanced Threats Researcher)

For the month of July, we’ve seen the increasing popularity of the iPhone since it debuted last June, the United States’ 231st celebration of its independence, and the release of the movie adaptation of Harry Potter and the Order of the Phoenix. Unfortunately, many of the threats that emerged in July took advantage of these events. Let’s recap what happened last month.



Notable Malware:

TROJ_AYFONE.A. A Trojan capitalizing on the iPhone’s popularity, this malware installs itself as a Browser Helper Object (BHO) on the system and hooks into Internet Explorer so that it can open a popup window whenever the user visits the popular Web sites www.yahoo.com and www.google.com. It employs a phishing technique, redirecting the user’s browser to a fake iPhone purchase site.

WORM_HAIRY.A. This worm capitalized on the popularity of Harry Potter and related events that happened in July, including the premiere of the new movie in the Harry Potter series and the launch of the final book, Harry Potter and the Deathly Hallows. WORM_HAIRY.A has been observed to display messages with anti-Harry Potter sentiments.

WORM_NUWAR.FU and WORM_NUWAR.GT. Two new variants of WORM_NUWAR took advantage of the July 4 holiday. They spread through email messages as ecard.exe, posing as a greeting card/postcard containing Fourth of July greetings.

BKDR_FONAMEBOT.A. This is a proof-of-concept backdoor that uses the DNS protocol instead of IRC channels to communicate with its bot masters. Compromised DNS servers can be used to cover the tracks of remote malicious users.
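Because DNS is almost never blocked at the perimeter, a bot that talks to its master over DNS looks like ordinary resolver traffic unless someone inspects the query pattern. The following script is an added example written for this roundup, not Trend Micro code and not derived from BKDR_FONAMEBOT.A itself. It runs three generic heuristics over resolver query logs: how many queries hit one registered domain, how random-looking (high-entropy) the subdomain labels are, and what share of the queries are TXT lookups. The log line format, the thresholds, the client addresses and the domain c2-placeholder.test are all constructed for illustration.

```python
"""Flag DNS-based command-and-control traffic in resolver query logs.

Added example for this roundup, not Trend Micro code. The log format,
thresholds and the sample domain c2-placeholder.test are constructed.
"""
import math
import re
from collections import defaultdict

# Constructed resolver log: "<epoch> <client-ip> <qname> <qtype>", one per line.
SAMPLE_LOG = """\
1183600000 10.0.0.5 www.example.com A
1183600001 10.0.0.5 mail.example.com MX
1183600002 10.0.0.7 q3k9x2v7m1p0z8.c2-placeholder.test TXT
1183600003 10.0.0.7 a8f1k2l9q0w3e7.c2-placeholder.test TXT
1183600004 10.0.0.7 z1x2c3v4b5n6m7.c2-placeholder.test TXT
1183600005 10.0.0.7 p9o8i7u6y5t4r3.c2-placeholder.test TXT
1183600006 10.0.0.7 l2k3j4h5g6f7d8.c2-placeholder.test TXT
1183600007 10.0.0.5 cdn.example.com A
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain_part, registered_domain) using a naive two-label
    rule; production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Parse the constructed log format; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qname, qtype = m.groups()
        sub, dom = split_qname(qname)
        records.append({"ts": int(ts), "client": client, "sub": sub,
                        "domain": dom, "qtype": qtype})
    return records


def score_domains(records, min_queries=4, min_entropy=3.0, min_txt_ratio=0.5):
    """Group queries by registered domain and flag those that look like a
    covert channel: many queries, high-entropy subdomains, mostly TXT."""
    by_domain = defaultdict(list)
    for r in records:
        by_domain[r["domain"]].append(r)
    flagged = {}
    for domain, rs in by_domain.items():
        n = len(rs)
        if n < min_queries:
            continue
        mean_entropy = sum(shannon_entropy(r["sub"]) for r in rs) / n
        txt_ratio = sum(r["qtype"] == "TXT" for r in rs) / n
        if mean_entropy >= min_entropy and txt_ratio >= min_txt_ratio:
            flagged[domain] = {"queries": n,
                               "mean_entropy": round(mean_entropy, 2),
                               "txt_ratio": round(txt_ratio, 2),
                               "clients": sorted({r["client"] for r in rs})}
    return flagged


def analyze(log_text: str = SAMPLE_LOG, **thresholds):
    """Parse a log and return the domains that trip the heuristics."""
    return score_domains(parse_log(log_text), **thresholds)


if __name__ == "__main__":
    for domain, info in analyze().items():
        print(domain, info)
```

On the constructed log, example.com stays quiet (three queries, short dictionary-word labels) while c2-placeholder.test is flagged on all three counts from a single client. The thresholds are deliberately loose for a short sample; on a real resolver they should be tuned per environment, and the two-label domain split should be replaced by a Public Suffix List lookup so that names under co.uk and similar suffixes are grouped correctly.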

TSPY_KOLLAH.F. This is the latest ransomware discovered to date. TSPY_KOLLAH.F encrypts the user’s data files (Office documents, Excel spreadsheets, PowerPoint presentations, etc.) with an RSA-4096 encryption tool. Large companies, mostly in the United States, have been reported to be affected by this ransomware. A ransom note is dropped on the affected system claiming that unless the victim pays $300 for the decryptor, the perpetrators will share the encrypted data. Sounds like something from a hacker movie, don’t you think?

Web Threats:

TROJ_BANLOAD.CGL. Malware authors wasted no time in taking advantage of the news of a Brazilian plane accident. This Trojan arrived in a spammed email with a link to a “video” of the accident. Of course, the link actually leads to a malicious site that downloads spyware onto the user’s system.

VVINDOWSUPDATE.COM. This isn’t an actual web threat yet, but it could become one in the future. It is simply a domain registered as VVINDOWSUPDATE.COM, with a double V instead of a W. The use of the double V is intentional; it was possibly meant to trick users into thinking that this domain is the actual update site for Windows. Although there are no pages on the site yet, it’s highly possible that VVINDOWSUPDATE.COM could be used in future web threat attacks.
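The double-V trick works because “vv” and “w” are nearly indistinguishable in many fonts, and the same goes for “rn” versus “m” or a zero versus the letter o. A defender watching newly registered domains, proxy logs or inbound mail can catch such look-alikes by folding those confusable sequences before comparing against a list of protected names. The script below is an added example written for this roundup, not Trend Micro code; the protected-domain list, the confusable table and the test names are constructed, and windowsupdate.com is used only because the post names VVINDOWSUPDATE.COM as its imitation. It goes slightly beyond the post by also catching one-character misspellings within the same TLD.

```python
"""Spot look-alike domains such as VVINDOWSUPDATE.COM (double V for W).

Added example for this roundup, not Trend Micro code. The protected-domain
list and the confusable-character table are constructed for illustration.
"""
from typing import Optional, Tuple

# ASCII sequences that read like another character in many fonts.
# Constructed, minimal table; IDN homographs (Cyrillic look-alikes etc.)
# need a Unicode confusables table and punycode decoding, which this omits.
CONFUSABLES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))

# Constructed list of domains worth protecting against impersonation.
PROTECTED = ("windowsupdate.com", "microsoft.com", "example.com")


def normalize(domain: str) -> str:
    """Lower-case the name and collapse confusable sequences."""
    d = domain.strip().rstrip(".").lower()
    for seq, canon in CONFUSABLES:
        d = d.replace(seq, canon)
    return d


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; domains are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalike(domain: str, protected=PROTECTED,
                   max_distance: int = 1) -> Optional[Tuple[str, str]]:
    """Return (protected_domain, reason) if `domain` impersonates one, else None.

    An exact (case-insensitive) match is the real domain, not a look-alike.
    """
    raw = domain.strip().rstrip(".").lower()
    if raw in protected:
        return None
    norm = normalize(raw)
    # Pass 1: identical once confusable sequences are folded (vvindows -> windows).
    for target in protected:
        if norm == normalize(target):
            return (target, "confusable")
    # Pass 2: a single edit away, restricted to the same TLD and to names long
    # enough that a one-character difference is unlikely to be coincidence.
    for target in protected:
        if raw.rsplit(".", 1)[-1] != target.rsplit(".", 1)[-1]:
            continue
        if len(target) >= 8 and levenshtein(norm, normalize(target)) <= max_distance:
            return (target, "edit-distance")
    return None


if __name__ == "__main__":
    for name in ("vvindowsupdate.com", "rnicrosoft.com",
                 "windowsupdat.com", "windowsupdate.com", "example.org"):
        print(name, "->", find_lookalike(name))
```

Running it prints a hit for vvindowsupdate.com against windowsupdate.com with the reason “confusable”, a hit for rnicrosoft.com, an “edit-distance” hit for windowsupdat.com, and None for the genuine windowsupdate.com and for the unrelated example.org. In practice the protected list would be the organization’s own brands and the update and login hosts its users depend on, and the check would run against certificate-transparency or zone-file feeds as well as proxy logs, so that a domain like the one above is noticed while it is still parked.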

Vulnerabilities:

iPhone and Safari. A vulnerability was found in the Safari browser bundled with the iPhone. When exploited, this vulnerability allows a remote user to execute code on the device. Other researchers also determined the passwords that were used for application root and mobile access. Because of the growing popularity of its products, Apple is fast becoming a target for exploits and bugs.

IE and Firefox Tandem. A cross-browser vulnerability exists in Internet Explorer and Firefox: IE can be employed to run possibly malicious code in Firefox 2.0. The culprits are the vulnerable parameters passed between the browsers. However, no actual malware exploiting this vulnerability has been discovered yet.

Trillian Instant Messenger. Recently, a couple of vulnerabilities were discovered in this IM application regarding how it processes certain URIs. The first can be exploited to automatically execute a potentially malicious file on the user’s system, while the second can be used to cause buffer overflows.


In addition, here’s a glimpse of the prevalent malware we captured for July. These are the malware families with more than 100 variants.


[Image: MalwareFamilies.jpg, chart of the malware families with more than 100 variants in July]


So that’s it for the month of July. Let’s see what August has for us in next month’s Malware Roundup.
